Manualshelf

R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
111112113114115116117118119120
110
Public key configuration
NOTE:
The LB module supports public key configuration at the CLI.
Overview
To protect data confidentiality during transmission, the data sender uses an algorithm and a key to
encrypt the plain text data before sending the data out, and the receiver uses the same algorithm with the
help of a key to decrypt the data, as shown in Figure 102.
Figure 102 Encryption an
d decryption
The keys that participate in the conversion between the plain text and the cipher text can be the same or
different, dividing the encryption and decryption algorithms into the following types:
Symmetric key algorithm—The keys for encryption and decryption are the same.
Asymmetric key algorithm—The keys for encryption and decryption are different, one is the public
key, and the other is the private key. The information encrypted with the public key can only be
decrypted with the corresponding private key, and vice versa. The private key is kept secret, and the
public key may be distributed widely. The private key cannot be practically derived from the public
key. Asymmetric key algorithms include the Revest-Shamir-Adleman Algorithm (RSA), the Digital
Signature Algorithm (DSA), and the Elliptic Curve Digital Signature Algorithm (ECDSA). The LB
module supports RSA algorithm only.
Asymmetric key algorithms can be used in two scenarios for two purposes:
To encrypt and decrypt data—The sender uses the public key of the intended receiver to encrypt the
information to be sent. Only the intended receiver, the holder of the paired private key, can decrypt
the information. This mechanism ensures confidentiality.
To authenticate a sender—Also called digital signature. The sender "signs" the information to be
sent by encrypting the information with its own private key. A receiver decrypts the information with
the sender's public key and, based on whether the information can be decrypted, determines the
authenticity of the information.
RSA can be used for data encryption and decryption, and digital signature. Asymmetric key algorithms
are widely used in various applications. For example, Secure Shell (SSH), Secure Sockets Layer (SSL),
and Public Key Infrastructure (PKI) use the algorithms for digital signature.